2024-05-23 10:59:42 +02:00
|
|
|
{ pkgs, ... }:
|
2024-05-23 12:08:06 +02:00
|
|
|
let secrets = import ./secrets/secrets.nix;
|
|
|
|
|
services = import ./services.nix;
|
|
|
|
|
lib = import ./lib.nix;
|
2024-05-23 10:59:42 +02:00
|
|
|
in
|
2024-05-23 12:08:06 +02:00
|
|
|
|
|
|
|
|
lib.foldMap ({ name, ip, config, ... }:
|
2024-05-23 10:59:42 +02:00
|
|
|
{
|
2024-05-23 12:08:06 +02:00
|
|
|
containers.${name} = {
|
2024-05-23 10:59:42 +02:00
|
|
|
autoStart = true;
|
|
|
|
|
ephemeral = true;
|
|
|
|
|
privateNetwork = true;
|
2024-05-23 12:08:06 +02:00
|
|
|
hostAddress = ip.host;
|
|
|
|
|
localAddress = ip.local;
|
|
|
|
|
config = config;
|
2024-05-23 10:59:42 +02:00
|
|
|
};
|
2024-05-23 12:08:06 +02:00
|
|
|
}
|
|
|
|
|
) services
|
|
|
|
|
|
|
|
|
|
//
|
2024-05-23 10:59:42 +02:00
|
|
|
|
2024-05-23 12:08:06 +02:00
|
|
|
{
|
2024-05-23 10:59:42 +02:00
|
|
|
# [NGINX]
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
recommendedProxySettings = true;
|
2024-05-23 12:08:06 +02:00
|
|
|
virtualHosts =
|
|
|
|
|
lib.foldMap ({ ip, port, hosts, ... }:
|
|
|
|
|
lib.foldMap (host:
|
|
|
|
|
{
|
|
|
|
|
"${host}" = {
|
|
|
|
|
locations."/".proxyPass = "http://${ip.local}:${builtins.toString port}";
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
) hosts
|
|
|
|
|
) services;
|
2024-05-23 10:59:42 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# [NETWORK]
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
|
|
|
networking.firewall.allowedUDPPorts = [ ];
|
|
|
|
|
|
|
|
|
|
# VM test user
|
2024-05-23 12:08:06 +02:00
|
|
|
users.users.admin.isNormalUser = true;
|
|
|
|
|
users.users.admin.hashedPassword = pkgs.lib.removeSuffix "\n"
|
|
|
|
|
(builtins.readFile ./secrets/admin_password);
|
2024-05-23 11:21:24 +02:00
|
|
|
users.users.admin.group = "admin";
|
|
|
|
|
users.groups.admin = {};
|
2024-05-23 10:59:42 +02:00
|
|
|
|
|
|
|
|
system.stateVersion = "23.11";
|
|
|
|
|
|
|
|
|
|
}
|
